I’m in the process of setting up my own email server and homemade firewall using IPFire. Expect future blog posts on that! For now I’ve decided to push this blog live using a cheap Digital Ocean droplet.
The OS of choice is Alma Linux 10, on the recommendation of my IT friend. For now we’re using a $6 droplet.
The Digital Ocean dashboard will show you the droplet’s IP address. Grab it and run:
ssh root@<ip address>
After logging in, the first thing I like to do is update my system.
# Add a repo for extra packages
sudo dnf install epel-release
dnf update
Let’s Get Our Static Site Generator Installed
While my default instinct from LFS is to build from scratch, Loris has made a prebuilt musl build. For the sake of simplicity we’re going to use that.
dnf install wget
wget https://github.com/kristoff-it/zine/releases/download/v0.11.2/x86_64-linux-musl.tar.xz
tar -xf x86_64-linux-musl.tar.xz
# Install zine to /usr/bin
mv -v zine /usr/bin/
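The archive above goes from a download straight into /usr/bin as root. The following added example, which is not part of the original post or the Zine project, checks the archive against a SHA-256 you supply and rejects unsafe member paths before installing. The function names and the placeholder hash are assumptions, and the expected hash has to come from a source you trust.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: you obtained the expected SHA-256 from a source you trust.

# verify_sha256 FILE EXPECTED_HEX: succeeds only if FILE hashes to EXPECTED_HEX.
verify_sha256() {
    [ -f "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Refuse anything that is not 64 hex digits, e.g. an unfilled placeholder.
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' || return 3
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# has_unsafe_path: reads member names on stdin; succeeds if any is absolute
# or contains a ".." component (either could write outside the target dir).
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# archive_is_safe FILE: succeeds only if the archive lists cleanly and
# none of its member names is unsafe.
archive_is_safe() {
    members=$(tar -tf "$1") || return 2
    [ -n "$members" ] || return 2
    ! printf '%s\n' "$members" | has_unsafe_path
}

# install_verified FILE EXPECTED_HEX BINARY DESTDIR
# Extracts into a private temp dir and installs only the named binary.
install_verified() {
    verify_sha256 "$1" "$2" || { echo "checksum check failed: $1" >&2; return 1; }
    archive_is_safe "$1" || { echo "unsafe archive: $1" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    if tar -xf "$1" -C "$tmp" && install -m 0755 "$tmp/$3" "$4/$3"; then
        status=0
    else
        status=1
    fi
    rm -rf "$tmp"
    return "$status"
}

# On the server (the hash below is a placeholder, not a real value):
# install_verified x86_64-linux-musl.tar.xz "<expected sha256>" zine /usr/bin
```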
Basic Firewall
dnf install firewalld
# This will make firewalld auto start on boot
systemctl enable --now firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Public Exposure
Zine has a built-in web server, but it’s only for local development, so we’ll serve the site with Nginx instead. Let’s get some tools:
# Some of these packages require the repo added above
sudo dnf install certbot python3-certbot-nginx nginx fail2ban
# Enable and start
sudo systemctl enable --now nginx
sudo systemctl enable --now fail2ban
Now that we have a working version of Zine and Nginx, we need to copy our blog files over. In the rsync command used for this, -a (archive mode) copies directories recursively and preserves permissions and timestamps, -v adds verbose output on the operations, and -z compresses the data in transit. You can omit -v if you don’t want that.
This assumes you have run zine release to generate a static version of your site in your project directory — the one you ran zine init in. Mine is just blog.
Let’s remove all the default files in /usr/share/nginx/html:
rm -rfv /usr/share/nginx/html/*
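Then from a new terminal on your local machine, in your project directory, run the following, replacing <ip> with the IP address of your server. The trailing slash on public/ syncs the directory’s contents (hidden files included), and lets --delete also remove top-level files on the server that no longer exist locally:
rsync -avz --delete public/ root@<ip>:/usr/share/nginx/html/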
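Set Up SSL Certificates
We need to set our server name in /etc/nginx/nginx.conf to our domain, then request the certificate. Certbot validates the domain over HTTP, so the domain’s DNS records must already point at this server: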
sed -i 's/server_name _;/server_name dakotajkeeler.com www.dakotajkeeler.com;/' /etc/nginx/nginx.conf
sudo certbot --nginx -d dakotajkeeler.com -d www.dakotajkeeler.com
Access From the Web
Now you can go to the IP address of your Digital Ocean droplet and access your site. If you access it by the server’s IP address instead of through the server_name (in my case dakotajkeeler.com), you’ll get an SSL error, because the certificate was issued for the domain names and not for the IP address. You can safely advance through.
Lastly, you can buy a domain if you don’t want to manually type the IP address of your server. This process varies widely from place to place — a little bit of Google and YouTube goes a long way.
PS the static site generated in zine is not phone friendly yet.
Sincerely, a concrete worker.
May the peace and grace of our Lord be with you.